Nadarajah Asokan, Espoo FI

Patent application number

Description

Published

20080267406

Method and Device for Verifying The Integrity of Platform Software of an Electronic Device - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.

10-30-2008

20080320308

Method for remote message attestation in a communication system - The invention relates to a method for remote attestation. In the method, a first asymmetric key pair is created in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device.

12-25-2008

20090164783

METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES - An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments, send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments, and send one or more subsequent fragments accompanied by only some, but not all, of the nodes of the hash tree necessary to authenticate the one or more subsequent fragments with the other nodes that are not sent but are necessary for authentication having been previously sent in conjunction with a prior fragment.

06-25-2009

20090165077

Method, Apparatus and Computer Program Product for Secure Software Installation - A method, apparatus and computer program product are provided for secure software download or installation. In this regard, sensory notifications and cognitive activities are implemented prior to proceeding to a download or installation procedure. For example, a sensory notification can be provided if security attributes of software are noncompliant with security preferences. Additionally, performance of a task can be required if security attributes of software are noncompliant with the security preferences prior to installation of the software, wherein requiring performance of a task comprises selecting the task such that the task is variable from one installation of the software to another installation of the software.

06-25-2009

20090327713

SYSTEM AND METHOD FOR ESTABLISHING BEARER-INDEPENDENT AND SECURE CONNECTIONS - A system and method for efficiently enabling local security connectivity between electronic devices over multiple bearers. Electronic devices are configured to advertise, over each bearer, their respective configuration parameters for each bearer. After a connection has been established between the electronic devices over a first bearer, the two electronic devices use the first bearer to establish connections over the other bearers using the configuration parameters contained in the advertisements and advertised over the first bearer. Shared keys are established for the other bearers either using keys derived from the first shared key or by using the first secure connection as an out-of-band channel. The present invention also provides for the creation of an ad hoc WLAN connection once a Bluetooth connection has been established.

12-31-2009

20100266128

CREDENTIAL PROVISIONING - Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (

10-21-2010

20110093938

METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION - An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device

04-21-2011

20110289560

Method And Apparatus To Bind A Key To A Namespace - A method includes identifying an application installed on a device as an authorized application of a certain domain, the application being signed with a private key; deriving a signer identity using a public key that forms a key pair with the private key; mapping the certain domain to another domain using a deterministic function map; making a request to the another domain to obtain a list of signer identities that are authorized to act on behalf of the certain domain; determining whether the signer of the application is in the list and, if it is, authorizing the application to act with the same privileges as granted in the certain domain. Apparatus and computer programs for performing the method are also disclosed.

11-24-2011

20120011559

METHOD AND APPARATUS FOR SELECTING A SECURITY POLICY - An approach is provided for selecting a security policy. A security policy manager determines, at a device, context information associated with a place. The security policy manager then determines a safety score associated with the place based, at least in part, on the context information and selects a security policy for the device based, at least in part, on the safety score.

01-12-2012

20120079570

METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION - Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.

03-29-2012

20120096402

Method, an Apparatus, and a Computer Program Product for Reducing the Need of User Prompts - The application concerns an apparatus, a computer program product and a method comprising electronically controlling an application to be executed with default policies throughout application tasks; noticing when a default policy is an inappropriate action for an application task being encountered in said application; activating another policy from a list of default and alternative policies to said application. The solution reduces the need of user prompts when a situation expecting a policy decision is encountered.

04-19-2012

20120185910

METHOD AND APPARATUS FOR ADJUSTING CONTEXT-BASED FACTORS FOR SELECTING A SECURITY POLICY - An approach is provided for selecting a security policy. A security policy manager determines one or more factors for adjusting a safety score associated with a device. The safety score is based, at least in part, on a context associated with the device. The security policy manager then processes and/or facilitates a processing of the one or more factors and the safety score to calculate an adjusted safety score, and determines to select a security policy based, at least in part, on the adjusted safety score.

07-19-2012

20120239936

CREDENTIAL TRANSFER - Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect there is provided a method. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described.

09-20-2012

20120311315

Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module - In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (

12-06-2012

20120324214

Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure - The exemplary embodiments of the invention provide at least a method, apparatus, and program of computer instructions to perform operations including receiving a challenge from a prover device, reading and saving an old value of a selected platform configuration register, obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property, triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module, and sending by the prover device a device certificate, attestation, at least one measurement or property, and old platform configuration register value to the verifier. Further, the exemplary embodiments of the invention teach sending a challenge to a trusted software of a prover device, and receiving by the verifier device a device certificate, attestation, at least one measurement or property, and an old platform configuration register value from the prover device, checking by the verifier device that extending the old platform configuration register value with the at least one measurement or property results in a new platform configuration register value that has been attested, and using the new platform configuration register value in attestation of the prover device.

12-20-2012

20130185777

Methods And Apparatus For Reliable And Privacy Protecting Identification Of Parties' Mutual Friends And Common Interests - Systems and techniques for authenticating joint friends of users of wireless devices. An authenticating authority delivers a token to a wireless device for each party identified as a friend of a user of the wireless device, such as through relationships in an online social network. Two wireless devices can use information relating to the tokens to determine information relating to joint friends of the users of the devices, such as the identities of joint friends or simply the numbers of joint friends. Tokens can be further refined to allow for analysis that provides information relating to the degree of intimacy of the relationship between a user and a party identified as a friend.

Mechanisms for Certificate Revocation Status Verification on Constrained Devices - A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.

12-19-2013

20140298016

METHOD AND APPARATUS FOR IDENTITY BASED TICKETING - A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.

10-02-2014

20150019872

METHOD AND DEVICE FOR VERIFYING THE INTEGRITY OF PLATFORM SOFTWARE OF AN ELECTRONIC DEVICE - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.